Our setup package is being quarantined by AVG which sees it as a trojan, we have managed to track the problem down to the Always Cache Setup Sources option in the Build Settings.
When Always Cache Setup Sources is checked it gets picked up by AVG. The other two states (unchecked or full) do not get picked up by AVG and are not quarantined.
Our users need to be able to modify features via add/remove programs and we cannot guarantee that the original setup package will be available therefore we need Always Cache Setup Sources to be enabled.
Does anybody know why turning this setting on would result in our setup package being identifed as a virus?
Always Cache Setup Sources - AVG
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: Always Cache Setup Sources - AVG
When Always Cache Setup Sources is checked, the generated setup will store the "setup sources" on the client machine.
"The advantage of caching setup sources is that when a patch is being applied, or when setup is being re-run in maintenance mode without the original installation file or media, setup will never prompt for the original setup sources - patching, or repairing/adding new application features automatically."
The problem you are having doesn't depend on the "Always Cache Setup Sources" option, but instead, by the setup files that get stored as setup sources. The setup sources are nothing else than the source files part of your installer.
With the other two "setup sources" option (unchecked or full), sources are not cached at all or partially cached, and this explains the different behavior of the AV detection.
So you should first try to understand from your setup files, which is the one that gets detected by the AV.
Last but not least, please consider that most of the times these are FALSE positives ...due of an error (FAILURE) of the AV scanner.
Hope this helps you.
"The advantage of caching setup sources is that when a patch is being applied, or when setup is being re-run in maintenance mode without the original installation file or media, setup will never prompt for the original setup sources - patching, or repairing/adding new application features automatically."
The problem you are having doesn't depend on the "Always Cache Setup Sources" option, but instead, by the setup files that get stored as setup sources. The setup sources are nothing else than the source files part of your installer.
With the other two "setup sources" option (unchecked or full), sources are not cached at all or partially cached, and this explains the different behavior of the AV detection.
So you should first try to understand from your setup files, which is the one that gets detected by the AV.
Last but not least, please consider that most of the times these are FALSE positives ...due of an error (FAILURE) of the AV scanner.
Hope this helps you.
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Re: Always Cache Setup Sources - AVG
Hi Francesco,
Many thanks for coming back to me, I think maybe I wasn’t quite clear in what is happening, and we have done some further testing...
AVG Deletes our setup file when its simply copied to a machine with AVG on it – the setup DOES NOT have to be run, simply copied to the machine.
If we unpack the setup file and virus check EVERY file in the setup AVG does NOT detect any problems with the files.
We have seen similar problems with other AV packages.
We have tried building the setup with various options (with the same contents!):
Always Cache Setup Sources: OFF
Compression: Any
Setup deleted by AVG on copying to machine: NO
Always Cache Setup Sources: ON
Compression: Off
Setup deleted by AVG on copying to machine: NO
Always Cache Setup Sources: ON
Compression: Anything other than OFF
Setup deleted by AVG on copying to machine: YES
Given the same files are being packed in to the setup how can it be the contents?
There are other posts on here reporting the similar thing too.
Obviously we have now found work around (for now) by turning compression off, but this means our setup.exe is 3 times the size it was, we would welcome your advice.
As the problem seem to occur
Only when your code is included that places the install files on the local machine and then you compress it.
And does not occur
With our executables etc whether compressed or uncompressed.
And the only changes are settings in the install build which cause the internal structure of the build to be very different.
We would welcome any information you could share as to whether this has changed (or indeed the compression engine has changed) is later releases of your product?
Many thanks for coming back to me, I think maybe I wasn’t quite clear in what is happening, and we have done some further testing...
AVG Deletes our setup file when its simply copied to a machine with AVG on it – the setup DOES NOT have to be run, simply copied to the machine.
If we unpack the setup file and virus check EVERY file in the setup AVG does NOT detect any problems with the files.
We have seen similar problems with other AV packages.
We have tried building the setup with various options (with the same contents!):
Always Cache Setup Sources: OFF
Compression: Any
Setup deleted by AVG on copying to machine: NO
Always Cache Setup Sources: ON
Compression: Off
Setup deleted by AVG on copying to machine: NO
Always Cache Setup Sources: ON
Compression: Anything other than OFF
Setup deleted by AVG on copying to machine: YES
Given the same files are being packed in to the setup how can it be the contents?
There are other posts on here reporting the similar thing too.
Obviously we have now found work around (for now) by turning compression off, but this means our setup.exe is 3 times the size it was, we would welcome your advice.
As the problem seem to occur
Only when your code is included that places the install files on the local machine and then you compress it.
And does not occur
With our executables etc whether compressed or uncompressed.
And the only changes are settings in the install build which cause the internal structure of the build to be very different.
We would welcome any information you could share as to whether this has changed (or indeed the compression engine has changed) is later releases of your product?
-
FrancescoT
- Site Admin
- Posts: 5361
- Joined: Sun Aug 22, 2010 4:28 am
Re: Always Cache Setup Sources - AVG
Unfortunately what you are reporting looks to be the typical false positive., and there isn't so much that we can do.
In other words, for some mysterious reasons, such AV detects the cached copy of the setup payload as malicious. However, the same AV then lets you to complete the installation, which consists essentially, on the same identical files that get stored as setup source files. This is an error of the AV scanner. If this was a standard app, we would have called this a bug.
As I said many times, most anti-viruses are a cure worse than the disease.
If I can make a suggestion, try to contact the AV manufacturer and ask them to white list your package. This is what most software vendors are forced to do in these cases ...unfortunately.
Hope this helps you.
In other words, for some mysterious reasons, such AV detects the cached copy of the setup payload as malicious. However, the same AV then lets you to complete the installation, which consists essentially, on the same identical files that get stored as setup source files. This is an error of the AV scanner. If this was a standard app, we would have called this a bug.
As I said many times, most anti-viruses are a cure worse than the disease.
If I can make a suggestion, try to contact the AV manufacturer and ask them to white list your package. This is what most software vendors are forced to do in these cases ...unfortunately.
Hope this helps you.
Francesco Toscano
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
InstallAware Software
White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE
Re: Always Cache Setup Sources - AVG
AVG will whitelist it and all will be well. Just email them at support.avg etc.
Who is online
Users browsing this forum: No registered users and 132 guests
